Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 7 |
3 files changed, 17 insertions, 0 deletions
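--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -40,6 +40,7 @@ int checkcfg(int val) {
 cfg_val[i] = 1; // most of them are enabled by default
 cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default
 cfg_val[CFG_FORCE_NONEWPRIVS] = 0; // disabled by default
+cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0; // disabled by default
 
 // open configuration file
 char *fname;
@@ -258,6 +259,14 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+else if (strncmp(ptr, "private-bin-no-local ", 21) == 0) {
+if (strcmp(ptr + 21, "yes") == 0)
+cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 1;
+else if (strcmp(ptr + 21, "no") == 0)
+cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0;
+else
+goto errout;
+}
 else
 goto errout;
 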
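Review bot: The prefix length `21` in the new `private-bin-no-local` branch is written out three times and has to be kept equal to the length of the string literal by hand; if the two ever drift, `ptr + 21` no longer points at the start of the value. Deriving it from the literal removes that coupling, e.g. `strncmp(ptr, "private-bin-no-local ", sizeof("private-bin-no-local ") - 1) == 0`, with the same expression used for the offset. The value is compared with `strcmp`, so anything after `yes` or `no` (trailing whitespace, say) goes to `errout`; whether `ptr` is trimmed beforehand is not visible here. checkcfg's body starts and ends outside both hunks.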
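--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -651,6 +651,7 @@ enum {
 CFG_OVERLAYFS,
 CFG_CHROOT_DESKTOP,
 CFG_PRIVATE_HOME,
+CFG_PRIVATE_BIN_NO_LOCAL,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;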
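--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -46,6 +46,13 @@ static char *check_dir_or_file(const char *name) {
 
 int i = 0;
 while (paths[i]) {
+// private-bin-no-local can be disabled in /etc/firejail/firejail.config
+if (checkcfg(CFG_PRIVATE_BIN_NO_LOCAL) && strstr(paths[i], "local/")) {
+i++;
+continue;
+}
+
+// check file
 if (asprintf(&fname, "%s/%s", paths[i], name) == -1)
 errExit("asprintf");
 if (arg_debug)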
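Review bot: The `strstr(paths[i], "local/")` test in check_dir_or_file matches the substring anywhere in the entry, so it also skips a directory whose name merely ends in "local" (a constructed example: `/opt/nonlocal/bin`) and does not skip an entry where `local` is the final component with no trailing slash. Because this filter decides which directories private-bin may take executables from, matching a whole path component is safer, e.g. `strstr(paths[i], "/local/")`, or an explicit prefix comparison against the directories that are meant to be excluded. The comment above it says the option "can be disabled" in firejail.config, while checkcfg.c in this commit sets it to 0 by default; `// private-bin-no-local is off by default; it is enabled in /etc/firejail/firejail.config` would describe it accurately. The `paths` array and the rest of the loop are outside the hunk, so the entries actually affected should be checked against it.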